homeland security

How soon until someone writes a country ballad about heartbleed? Knowing the Internet, probably before all the currently vulnerable sites are patched. Researchers at University of Michigan previously produced a tool which was capable of scanning large swaths of the Internet at incredibly fast speeds. They took advantage of this tool to regularly scan the top 1 million sites on the Internet (as categorized by Alexa)(who is not a person) and determine what portion of the sites are vulnerable. Mashable, meanwhile, has compiled a list of the big websites that were vulnerable (but now are not). This bug is the latest and greatest of them….yet (as XKCD points out)

“If you fix one Internet security bug, you can be sure that attackers will just find another, potentially more dangerous one. “Over all, attackers have the competitive advantage,” said Jen Weedon, who works on the threat intelligence team at the security company Mandiant. “Defenders need to defend everything. All attackers need to find is one vulnerability.””